An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P
Vendors Products
Digium
  • Certified Asterisk
  • Asterisk

Configuration 1 [-]

OR cpe:2.3:a:digium:certified_asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc1:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert1_rc4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert2:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert3:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert4:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert5:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert6:*:*:*:*:*:*
cpe:2.3:a:digium:certified_asterisk:13.13:cert7:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:a:digium:asterisk:*:*:*:*:*:*:*:*
References
Link Resource
http://downloads.digium.com/pub/security/AST-2017-013.html Vendor Advisory
http://www.securityfocus.com/bid/102023 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1039948
https://issues.asterisk.org/jira/browse/ASTERISK-27452 Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2017/12/msg00028.html
https://www.debian.org/security/2017/dsa-4076
https://www.exploit-db.com/exploits/43992/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-12-02T00:00:00

Updated: 2018-02-09T10:57:01

Reserved: 2017-12-01T00:00:00

Link: CVE-2017-17090

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-12-02T00:29:00.247

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-17090

JSON object: View

cve-icon Redhat Information

No data.

CWE